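<?php
	/*
	 * 7-4: Building a Login Form.
	 *
	 * First request (no 'submit' field in $_POST): renders the login form.
	 * Form POST: looks the user up by username with a prepared statement,
	 * compares the stored digest against the submitted password, records
	 * the access time, populates the session and redirects.
	 *
	 * Helpers used below (Timestamp, setSecurityToken, wrt, isBlocked,
	 * isEnabled, chgPwd, isAnalyst, isFac, isUser, isAdm) are not defined in
	 * this file; they are presumably provided by includes/security.php.
	 * session_start() is likewise assumed to happen in one of the included
	 * files -- confirm before relying on $_SESSION here.
	 */
	define('H1', '7-4: Building a Login Form');
	define('TITLE', '7-4: Building a Login Form');
	require('includes/header.php');
	require_once('includes/security.php');
?>	
	<h2><?php echo H1 ?></h2>

<?php
	if (!isset($_POST['submit'])) {
?>
	<form method="post" action="login2.php">
		Username: <br />
		<input type="text" name="username" />
		<br />
		Password: <br />
		<input type="password" name="password" />
		<br /><br />
		
		<input type="submit" name="submit" value="Log In" />	
	</form>
<?php
	} else {
		// Submitted values are untrusted: accept only plain strings (a
		// "username[]=" request would otherwise arrive as an array).
		$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
		$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

		// Compare against '' rather than empty(): empty('0') is true, so a
		// user literally named "0" would be rejected as a missing username.
		if ($username === '') {
			die('Error: Please enter your username');
		}
		if ($password === '') {
			die('Error: Please enter your password');
		}

		require_once('db/DBParms.php');

		$mysqli = new mysqli(DBHOST, DBUSER, DBPWD, 'appl');
		// new mysqli() never evaluates to false; the connection outcome is in
		// connect_error. The driver message goes to the server log, the user
		// gets a generic message (it would otherwise reveal host/user details).
		if ($mysqli->connect_error) {
			error_log('login: database connection failed: ' . $mysqli->connect_error);
			die('Error: Could not connect to database.');
		}

		// One parameterised lookup replaces the two interpolated SELECTs: the
		// username is bound as a value and never becomes part of the SQL text,
		// so escape_string() is no longer needed.
		$stmt = $mysqli->prepare('SELECT id, password, security_token FROM users WHERE username = ?');
		if ($stmt === false) {
			error_log('login: prepare failed: ' . $mysqli->error);
			$mysqli->close();
			die('Error: Could not execute the login query.');
		}
		$stmt->bind_param('s', $username);
		if (!$stmt->execute()) {
			error_log('login: execute failed: ' . $stmt->error);
			$stmt->close();
			$mysqli->close();
			die('Error: Could not execute the login query.');
		}
		$stmt->bind_result($id, $storedHash, $sec);
		// fetch() returns true for a row, null when there is none.
		$found = ($stmt->fetch() === true);
		$stmt->close();

		// Constant-time comparison of the stored digest with the digest of the
		// submitted password. The loose == used before compares two strings
		// numerically when both look numeric ("0e..." digests), which can
		// report unequal digests as equal.
		// NOTE: the users table holds plain SHA-1 digests (no salt). Moving to
		// password_hash()/password_verify() is the real fix, but that needs a
		// schema/data migration outside this script.
		$authenticated = $found && hash_equals((string) $storedHash, sha1($password));

		if (!$authenticated) {
			// A single message covers both "no such user" and "wrong password";
			// two different messages let a caller confirm which usernames exist.
			echo 'You entered an incorrect username or password.';
		} else {
			setSecurityToken($sec);
			$dla = Timestamp();

			// Debugging output inherited from the lesson: the security token
			// is written straight into the page. Remove before deploying.
			echo "Successful Log In ... Security code: $sec <br />";

			// Bound parameters for the update as well; $id came from the
			// database but binding it as an integer keeps the SQL fixed.
			$updt = $mysqli->prepare('UPDATE users SET date_last_accessed = ? WHERE id = ?');
			if ($updt !== false) {
				$updt->bind_param('si', $dla, $id);
				if ($updt->execute()) {
					wrt("Date last accessed updated to $dla <br />");
					if (isBlocked()) {
						wrt("Your access is BLOCKED.");
					}
					if (isEnabled()) {
						wrt("Your access is ENABLED.");
					}
					if (chgPwd()) {
						wrt("You need to change your password.");
					}
					if (isAnalyst()) {
						wrt("You are an Analyst.");
					}
					if (isFac()) {
						wrt("You are a Facilitator.");
					}
					if (isUser()) {
						wrt("You are a User.");
					}
					if (isAdm()) {
						wrt("You are an Admin.");
					}
				} else {
					error_log('login: date_last_accessed update failed: ' . $updt->error);
				}
				$updt->close();
			} else {
				error_log('login: prepare of update failed: ' . $mysqli->error);
			}

			// The session keeps the username as submitted, not the SQL-escaped
			// copy the previous version stored.
			$_SESSION['username'] = $username;
			$_SESSION['security_token'] = $sec;

			$ss = $_SESSION['security_token'];
			wrt("Token set to $ss");
			if (!empty($_SESSION['nextScript'])) {
				$nextScript = $_SESSION['nextScript'];
			} else {
				$nextScript = "Dispatcher.php";
			}

			$mysqli->close();
			// Output has already been sent above, so this Location header only
			// takes effect when output buffering is active (the original script
			// relied on the same thing). exit stops the footer and anything
			// else from being appended to a redirect response.
			header("Location: " . $nextScript);
			exit;
		}
		$mysqli->close();
	}	

?>

<?php
	require('includes/footer.php');
?>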